Mysql database and php

[randyrr]

This is my validateuser page that process the from from the login page (This works)

PHP Code:

<?php

?>

<html>
<head>
<title></title>
<link rel="stylesheet" href="../css/style2.css" type="text/css" charset="utf-8" />
</head>
<body bgcolor="#694545;">

PHP Code:

<?php


function getData(){};

// Connect to the server            
        $db = mysql_connect("localhost", "root", "test") 
        or die("testing connection");
        echo ("connected");        

    

// connect to the db
        mysql_select_db("educational", $db) or
        die("cannot connect to the database");
        echo(" <br />Connection  successful<br/>");



if (isset($_POST['submit'])) { // if form has been submitted

// makes sure they filled it in
if(!$_POST['student_username'] | !$_POST['student_password']) {
die('Error! </br> Required Fields are incomplete!</br >You did not fill in a required field!</br>
    Click here to <a href="login.php">go back</a>.');
}

}

if($_SERVER['REQUEST_METHOD']=="POST"){

$qer="select * from student where student_username='".$_POST['student_username']."' and student_password='".$_POST['student_password']."'";
$res=mysql_query($qer);
$num=mysql_num_rows($res);
if($num==0)
{
$msg=1;
}
else if($num==1)
{
session_unregister("student_username");
session_register("student_username");
$_SESSION['student_username']=$_POST['student_username'];

session_unregister("student_id");
session_register("student_id");
$_SESSION['student_id']=getData("student","student_id","student_username='".$_POST['student_username']."' and student_password='".$_POST['student_password']."'");

echo'<script language="javascript"></script>';
echo'<script language="javascript">window.location.href="welcome.php";</script>';
}
}


?>

<!-- prints invalid user: -->

 <?php if(!empty($msg) && $msg==1)

    {echo "Oops! Login error, please check you username or password or click <a href=login.php> here </a> to try logging in again.";}
?>
</body>
</html>

<?php
?>

However, when i set the session below, my guess is that it parses false and goes back to the validateuser(login) page.....

When i removed the session details, only then i can go to the welcome page....
I can't seem to figure out why the 'session empty' is saying true, even though the login credentials are fine.... :(


This is my Welcome Page....

HTML Code:

<?php 
session_start();  

    if(empty($_SESSION['login'])) {  
    header ("Location: login.php");  
    } 	

?>

<html>
<head>

<title>AEW | WELCOME</title>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<link href="../style.css" rel="stylesheet" type="text/css" />

<script type="text/javascript" src="../js/form.js"></script>


</head>

<body>

<div id="container">

<div id="banner"><h1>Adult Educational Website</h1></div>

<div id="navcontainer">

			<ul id="navlist">                           
				<li id="active"><a id="current" href="http://www.techsupportforum.com/design-forum/index.html">Homepage</a></li>
				<li><a href="http://www.techsupportforum.com/design-forum/upload.html">Upload Assignments</a></li>
				<li><a href="courses.php">View All Courses</a></li>
				<li><a href="http://www.techsupportforum.com/design-forum/contact_us.html">Contact Us</a></li>

			</ul>
</div>

<div class="intro">

<h2>Welcome to <span style="font-weight:bold; color:#069;">I-Edu</span></h2>

<p><img class="imgleft" src="http://www.techsupportforum.com/design-forum/img/orb.png" alt="icon" title="icon" /> <strong>This is the First website of its kind, here you can upload your assignments.</strong> </p>
<p>&raquo; <a href="#">Read more</a></p> </div>

<div class="separator"></div>

<div class="intro2"><h2>Personalize</h2>
<p><img class="imgleft" src="http://www.techsupportforum.com/design-forum/img/orb.png" alt="icon" title="icon" /> Please register to gain free access to thousands of journals and other resources... </p>
<p>&raquo; <a href="#">Read more</a> </p></div>

<div class="intro3"><h2>Uploading Assigments</h2>
<p><img class="imgleft" src="http://www.techsupportforum.com/design-forum/img/orb.png" alt="icon" title="icon" /> We are a small school located in Central London...</p>
<p>&raquo; <a href="#">Read more</a> </p></div>

<div style="clear:both;"></div>

<div id="sidebar">

<h1>News</h1>

<p> Earn your degree online, <br />coming soon !!!</p>


<h1>Links </h1>

			<ul>
				<li><a href="#">Snapp Happy</a></li>
				<li><a href="#" title="The Open Design Community">TODC</a></li>
				<li><a href="#">Andreas Viklund</a></li>
				<li><a href="#">James Koster</a>  </li>
				<li><a href="#">OSWD</a></li>
				<li><a href="#"> CSS play </a></li>
				<li><a href="#" title="CSS menus">Listamatic </a></li>
			</ul>

</div>

<div id="content">

  
  <table style="bordercolor:#FFFFFF; bordercolorlight:#C0C0C0; bordercolordark:#808080; bgcolor:#FFFFFF" border="0" width="70%" cellspacing="0" cellpadding="0">
	<tr>
	<td style="bordercolor:#000000; bordercolorlight:#000000; bordercolordark:#000000; bgcolor:#000000">
		
<?php
	
	print "Welcome, {$_SESSION['student_fname']} {$_SESSION['student_lname']}!";
	print  "and thanks for registering, you can feel free to enjoy any content on this site.!!"


		?>

]		<br /><br />Regards,<br />The University Web Team
	



					</td>
					</tr>
					</table>

    
</div>

<div id="footer">

<a href="#">homepage</a> | <a href="mailto:">contact</a> | <a href="http://validator.w3.org/check?uri=referer">html</a> | <a href="http://jigsaw.w3.org/css-validator">css</a> |  &copy; 2007 
</div>

</div>
</body>
</html>

<?php

?>

[[Moderator's Note: please use [php] and [html] as Redcore suggested.]]

[Redcore]

It doesn't appear that you're setting the LOGIN session variable, but rather just the "student_id" session variable.

PS in PHP5 you don't need to register session variables ;)

[randyrr]

lol...waw, now i'm more at a loss....lol
Do mean this line of code?

PHP Code:


session_unregister("student_username"); 
session_register("student_username"); 
$_SESSION['student_username']=$_POST['student_username']; 

session_unregister("student_id"); 
session_register("student_id"); 
$_SESSION['student_id']=getData("student","student_id","student_username='".$_POST['student_username']."' and student_password='".$_POST['student_password']."'"); 

echo'<script language="javascript"></script>'; 
echo'<script language="javascript">window.location.href="welcome.php";</script>'; 
} 
} 

?> 


If so, how do I then integrate the Login session variable??...i'm stumped... :(

[Redcore]

In your validation you're trying to see if the session variable "login" exists - if you don't set it, it will always send it back to the login page.

Your code should *theoretically* look more like this:

PHP Code:

<?php
$_SESSION['student_username']=$_POST['student_username']; 

$_SESSION['student_id']=getData("student","student_id","student_username='".$_POST['student_username']."' and student_password='".$_POST['student_password']."'"); 
$_SESSION['login'] = 'set';

echo'<script language="javascript"></script>'; 
echo'<script language="javascript">window.location.href="welcome.php";</script>'; 
} 
} 

?>

Alternatively you can set up the validation script to check for the 'student_id' session variable instead of 'login' ...

PHP Code:

<?php 
session_start();  

    if(empty($_SESSION['student_id'])) {  
    header ("Location: login.php");  
    }     

?>

Is that more clear?

[randyrr]

Crystal clear Redcore!!! but...lol..i'm still having the same problem, with both examples.....all

after making validation changes, all i have atop the protected page is

PHP Code:


<?php 
session_start(); 

if(empty($_SESSION['student_id'])) { 
header ("Location: login.php"); 
} 

?>

[Redcore]

Hmm. Works for me. Do you have "session_start();" at the top of your login page?

[randyrr]

yeah i do... see below my login page (validateuser.php)

PHP Code:

<?php
session_start();


function getData(){};

// Connect to the server            
        $db = mysql_connect("localhost", "un", "pw") 
        or die("testing connection");
        echo ("connected");        

    

// connect to the db
        mysql_select_db("educational", $db) or
        die("cannot connect to the database");
        echo(" <br />Connection  successful<br/>");



if (isset($_POST['submit'])) { // if form has been submitted

// makes sure they filled it in
if(!$_POST['student_username'] | !$_POST['student_password']) {
die('Error! </br> Required Fields are incomplete!</br >You did not fill in a required field!</br>
    Click here to <a href="http://www.techsupportforum.com/design-forum/login.html">go back</a>.');
}

}

if($_SERVER['REQUEST_METHOD']=="POST"){

$qer="select * from student where student_username='".$_POST['student_username']."' and student_password='".$_POST['student_password']."'";
$res=mysql_query($qer);
$num=mysql_num_rows($res);
if($num==0)
{
$msg=1;
}
else if($num==1)
{


$_SESSION['student_username']=$_POST['student_username'];  

$_SESSION['student_id']=getData("student","student_id","student_username='".$_POST['student_username']."' and student_password='".$_POST['student_password']."'");  
$_SESSION['login'] = 'set'; 

echo'<script language="javascript"></script>';  
echo'<script language="javascript">window.location.href="welcome.php";</script>';  


}
}


?>

<!-- prints invalid user: -->

 <?php if(!empty($msg) && $msg==1)

    {echo "Oops! Login error, please check you username or password or click <a href=login.php> here </a> to try logging in again.";}
?>

once i select another page, e.g page2.html that has :

PHP Code:

<?php  
session_start();  

if(empty($_SESSION['student_id'])) {  
header ("Location: login.html");  
}  

?>

it goes back to login.html page :(:(:(:(

[Redcore]

Let's go through your login script. It seems to have a lot of security holes and various practices I'm unclear about.

A) Why is your "getData" function empty? Doesn't seem to actually do anything.

B) Never put non-sanitized user-defined variables into anything, especially database queries. Do that by using mysqli_real_escape_string

PHP Code:

$student_username = mysqli_real_escape_string( $_POST['student_username'] ); 


C) Always encrypt passwords and never put cleartext passwords anywhere. Use MD5 to encrypt with a salt (adding some extra characters after the password is input).
Example:

PHP Code:

$original_password = 'password02' 
/* -> our user is naive and thinks this is secure! many hackers have a 
huge table with thousands/millions of encrypted password with their 
correlated cleartext unencrypted password. we need to add some text 
to force a password to encrypt differently than it normally would...*/
$original_password = $original_password . '#random_89827$';
// -> NOW encrypt...
$original_password = MD5($original_password); 


D) I'm not sure what you're trying to store in the 'student_id' SESSION variable. Since the "getData" function is empty (aka, useless) that variable is not storing anything. Nothing is getting stored in the 'student_id' SESSION variable, so it will always come up empty in subsequent validations.

[randyrr]

sigh....ok..Thanks alot Redcore!!

Maybe i should've mentioned that i'm a newbie and don't really know how to fix the problem, so i'd save alot of time...

Please bear with me... :(

[Redcore]

Hah, I gathered that you're new - everyone has to start somewhere :) I'm always totally happy to help so long as the person I'm helping doesn't depend on me - meaning they try to do it themselves a few times before asking. :)

[randyrr]

Super cool man!!! Thanks!!! :-)

Hey Redcore, I've come up with this, but it still doesn't work... :(

PHP Code:

<?php session_start();

if (isset($_GET['logout']))
{
    $_SESSION = array();
    if ($_COOKIE[session_name()])
    {    setcookie(session_name(), '', time()-42000, '/');
}
session_destroy();

}
if (isset($_POST['username']))
{
$username = htmlentities($_POST['username']);
$password = htmlentities($_POST['password']);

if ( $username == '$_POST["student_phone"]   ' and $password == '$_POST["student_phone"]   ')
{
        $_SESSION['username'] = $username;
echo 'login successful <br />';
echo 'Welcome,'. $username;
}
else
    {
        echo '<span style=color: red />Login Failed<br />';
        echo $username. ', does not exist';
    }


//convert the field values to simple variables 

//add slashes to the username and md5() the password 
$username = addslashes($_POST['username']); 
$password = md5($_POST['password']); 


//set the database connection variables 

$dbHost = "localhost"; 
$dbUser = "root"; 
$dbPass = "test"; 
$dbDatabase = "educational"; 

//connet to the database 

$db = mysql_connect("$dbHost", "$dbUser", "$dbPass") or die ("Error connecting to database."); 

mysql_select_db("$dbDatabase", $db) or die ("Couldn't select the database."); 

$result=mysql_query("select * from users where username='$user' AND password='$pass'", $db); 

//check that at least one row was returned 

$rowCheck = mysql_num_rows($result); 
if($rowCheck > 0){ 
while($row = mysql_fetch_array($result)){ 

  //start the session and register a variable 

  session_start(); 
  session_register('username'); 

  //successful login code will go here... 
  echo 'Success!'; 

  //we will redirect the user to another page where we will make sure they're logged in 
  header( "Location: checkLogin.php" ); 

  } 

  } 
  else { 

  //if nothing is returned by the query, unsuccessful login code goes here... 

  echo '<br />Incorrect login name or password. Please try again.'; 
  } 
  } 
  ?>

HTML Code:

<html>
<head>
<title>TEst</title>
<!-- <link rel="stylesheet" href="../style.css" type="text/css" charset="utf-8" />	-->
</head>

i have test data that i manually put into the db, but is says the "username" doesn't exist

[[Moderator's Note: please do not double-post. Ask a member of staff to edit your original post or merge consecutive postings. Thank you. —dm01]]

[Redcore]

So long as "<username> doesn't exist" is indeed the error you're receiving, you hard coded that and this is what it's stumbling on:

PHP Code:

if ( $username == '$_POST["student_phone"]    ' and $password == '$_POST["student_phone"]    ')
        {
        $_SESSION['username'] = $username;
        echo 'login successful <br />';
        echo 'Welcome,'. $username;
        }        else        {
        echo '<span style=color: red />Login Failed<br />';
        echo $username. ', does not exist';
        } 


It looks like you're trying to validate the posted username/password but I'm not sure why you're validating this way.

A few more notes:

• "htmlentities()" doesn't do a whole lot for you in this scenario
• Use "mysql_real_escape_string()" to prevent SQL injection
• It's typically best to leave variables outside of quotes. Putting variables in quotes seem to cause problems at times, I don't know why. Anyways, it's more difficult to see that it's a variable because it's formatted as a string in all text editors.
• I'm a self-confessed "format Nazi" - but I really do believe that good consistent formatting is a keystone of good development. It'll help you work through the program flow a lot faster, you see where you're in a loop and what loop you're in much easier.
• Any time you echo or print anything to the screen, you lose the ability to use "header()"
• When you're just doing a basic row check, the data you pull back is not important. Therefore, instead of selecting all ("SELECT * FROM ... ") just select a small field to minimize memory usage (which is probably minimal when you have a small table, but it's a good practice).
• As of PHP5, you no longer need to manually register each session variable. Just the act of setting a session variable (ie: "$_SESSION['variablename'] = 'test'; ") automatically registers the variable in the same way that you don't have to register normal variables. Cool, huh? :)
• I only reformatted your code - you'll need to set the cookie (after the session variable is created) and you should look into fixing the logout portion yourself before I help with it (I know, lame - but it's in the effort to make sure you learn! ).

I reworked most of your code (in the login section) so try this out...

PHP Code:

<?php 
session_start();

if(isset($_GET['logout']))
    {
    $_SESSION = array();
    if ($_COOKIE[session_name()])
        {
        setcookie(session_name(), '', time()-42000, '/');
        }
    session_destroy();
    }
    
if(isset($_POST['username']))
    {
    // convert the field values to simple variables 
    // add slashes to the username and md5() the password 
    // escape any SQL injection with mysql_real_escape_string
    $username = mysql_real_escape_string($_POST['username']);
    $username = addslashes($_POST['username']);
    $password = md5($_POST['password']);
    
    //set the database connection variables 
    $dbHost = "localhost"; 
    $dbUser = "root"; 
    $dbPass = "test"; 
    $dbDatabase = "educational";
    
    //connect to the database 
    $db = mysql_connect($dbHost, $dbUser, $dbPass) or die ("Error connecting to database."); 
    mysql_select_db($dbDatabase, $db) or die ("Couldn't select the database."); 
    
    // run the query - only pull "username" field because it's useless to us, so there's no need to pull back everything
    // -> we just want to count the number of rows pulled as a result of the query below.
    $result=mysql_query("SELECT username FROM users WHERE username='".$username."' AND password='".$password."'", $db); 
    
    //check that at least one row was returned 
    $rowCheck = mysql_num_rows($result); 
    if($rowCheck > 0)
        {
        $_SESSION['username'] = $username;
        
        //we will redirect the user to another page where we will make sure they're logged in
        header( "Location: checkLogin.php" );
        }    else    {
        //if nothing is returned by the query, unsuccessful login code goes here...
        echo '<br />Incorrect login name or password. Please try again.';
        }
    }
?>

[randyrr]

Hey RedCore, I've managed to get through with the PHP sessions, but i just wanna say thanks man!!!!

I have a simpler problem though?

i'm trying to store 'date and time' info in my database,

My code so far is

From HTML Form


Date Required:<select size="1" name="Date" value="dd">
<option selected>day</option>
<option>01</option>
<option>02</option>
<option>03</option>
<option>04</option>
<option>05</option>
<option>06</option>
<option>07</option>
<option>08</option>
<option>09</option>
<option>10</option>
<option>11</option>
<option>12</option>
<option>13</option>
<option>14</option>
<option>15</option>
<option>16</option>
<option>17</option>
<option>18</option>
<option>19</option>
<option>20</option>
<option>21</option>
<option>22</option>
<option>23</option>
<option>24</option>
<option>25</option>
<option>26</option>
<option>27</option>
<option>28</option>
<option>29</option>
<option>30</option>
<option>31</option>
</select>

<select size="1" value="mm">
<option selected>month</option>
<option>January</option>
<option>February</option>
<option>March</option>
<option>April</option>
<option>May</option>
<option>June</option>
<option>July</option>
<option>August</option>
<option>September</option>
<option>October</option>
<option>November</option>
<option>December</option>
</select>

<select size="1" value="yyyy">
<option selected>year</option>
<option>2009</option>
<option>2010</option>
</select>

Time Required:

<select name="Time" size="1">
<option value="HH">hh</option>
<option value="1">1</option>
<option value="2">2</option>
<option value="3">3</option>

<option value="4">4</option>
<option value="5">5</option>
<option value="6">6</option>
<option value="7">7</option>
<option value="8">8</option>
<option value="9">9</option>

<option value="10">10</option>
<option value="11">11</option>
<option value="12">12</option>
</select>

<select name="Time" size="1">
<option value="MM">mm</option>
<option value="00">00</option>

<option value="05">05</option>
<option value="10">10</option>
<option value="15">15</option>
<option value="20">20</option>
<option value="25">25</option>
<option value="30">30</option>

<option value="35">35</option>
<option value="40">40</option>
<option value="45">45</option>
<option value="50">50</option>
<option value="55">55</option>
</select>

<select name="Time" size="1">
<option selected>am/pm</option>
<option value="AM">AM</option>
<option value="PM">PM</option>
</select>

in my php form i have

PHP Code:

<?php
$formdate = $_POST['date'];
echo "</br>";
$formtime = $_POST['time'];
echo "</br>";
?>

Obviously i know that u realise i can't pass any values but even when it does pass, i cannot store it in mysql because mysql accepts a 'dd-mm-yyyy' format etc...

The question however is,

How can get my html form to store all selected options as ONE date field, to insert into my database (dd-mm-yyyy) ???

I'm stumped..

Thanks alot for ur time..


Randyrr

[Redcore]

You COULD try to use jQuery UI and one of these datetime picker libraries...
http://milesich.com/timepicker/
http://blogs.uct.ac.za/blog/lovemore...te-time-picker

But if you want to do it manually, you'd take all those values, pass them individually, and "paste" them together with PHP:

PHP Code:

<?php
$day = $_POST['day'];
$month = $_POST['month'];
$year = $_POST['year'];

$date = $year . '-' . $month . '-' . $day;
?>

Personally, I go the jQuery route. They have a date picker that is built into their library, the two above are external (to include time functionality) and I haven't yet tried them.

[randyrr]

THank you so much Redcore,

I got through with the Date/Time thingy!!!!

I'm trying to Update a specific row in mysql when the user selects a button from a form in PHP

Here goes:

PHP Code:


echo "<table border='1' cellspacing='1' bgcolor='black'>
    <tr color='FFDDEECC'>
    <th>Job ID</th>
    <th>Job Location</th>
    <th>Job Status</th>
    </tr>";
  
  echo "<tr>";
  echo "<td>" . $row['job_id'] . "</td> ";
  echo "<td>" . $row['Job_loc'] . "</td> ";
  echo "<td>" . $row['job_status'] . "</td> ";
  echo "<td><form name='getjob' method='post' action='update.php'>
  <input type='submit' name='job_id' id='job_id' value='Pickup Job'>
  </form></td>";
  
  echo "</tr></table>"; 


when the user selects "Pickup Job"

i'm trying to pass the job_id so only that row will be updated....

now here's the rest

PHP Code:

<?php

//db connection etc...

$formjob_id = $_POST['job_id'];
echo "</br>";


    $query ="UPDATE jobs SET job_status=0 WHERE job_status=1 AND job_id='$job_id' " or die ("cannot Pickup Job");
            
                            
if ($formjob_id != 0) {
die('Sorry, '.$_POST['user'].' this booking has been picked up already by another driver.');
}

else{
echo"Job $job_id updated<br />";
}        

?>

my problem is that nothing is parsed at all (even is if say '$formjob_id' or simply '$job_id').....what do u think could be the problem ??


Thanks again,

randyrr

[Redcore]

There needs to be a form element to pass it to...

PHP Code:

echo "<table border='1' cellspacing='1' bgcolor='black'>
    <tr color='FFDDEECC'>
    <th>Job ID</th>
    <th>Job Location</th>
    <th>Job Status</th>
    </tr>";
  
  echo "<tr>";
  echo "<td>" . $row['job_id'] . "</td> ";
  echo "<td>" . $row['Job_loc'] . "</td> ";
  echo "<td>" . $row['job_status'] . "</td> ";
  echo "<td><form name='getjob' method='post' action='update.php'>
  <input type='hidden' name='job_id' id='job_id' value='" . $row['job_id'] . "'>
  <input type='submit' name='button' id='button' value='Pickup Job'>
  </form></td>";
  
  echo "</tr></table>"; 


[randyrr]

Hi Redcore,

now the value is passing, but the table does not update....

Could u assist. The same php query above....

Hey RedCore, I figured it out.... i forgot the

PHP Code:

 $result = mysql_query($query); 


at the end...thanks anyways!!!!

randyrr
[[--merged from double-posting —dm01]]
new problem redcore

i want to insert into two separate tables although where the names are the same

here's my php code:

PHP Code:


$sql = "INSERT INTO booking (name_title,first_name,last_name,phone,email,pickup_address_no,pickup_address_name,pickup_comments,date,time,am_pm,vehicle,destination_street,destination_accommodation,option_wheelchair,option_babycapsule,option_childseat,other_special_needs) VALUES ('$formname_title','$formfirst_name','$formlast_name','$formphone','$formemail','$formpickup_address_no','$formpickup_address_name','$formpickup_comments','$date','$time','$formam_pm','$formvehicle','$formdestination_street','$formdestination_accommodation','$formoption_wheelchair','$formoption_babycapsule','$formoption_childseat','$formother_special_needs')" or die ("cannot create booking");
   
   $result =mysql_query($sql);



        $formdestination_street = $_POST['destination_street'];
        echo "</br>";

        $formpickup_address_name = $_POST['pickup_address_name'];
        echo "</br>";


    $sql ="Insert into jobs (destination_address, pickup_address_name, job_status) VALUES ('$formdestination_street','$formpickup_address_name',1)" or die (mysql_error());
    
    $result =mysql_query($sql); 


it doesn't work...only the 1st select statement works so i don't know what to do...
[[--merged from double-posting, guess that'd make this a triple post —dm01--]]
fixed issue

[[Moderator's Note: please try not to make consecutive postings. You can either ask a staff member (via PM) to edit your original post, or to merge consecutive postings. When we have to do it for you we get kind of annoyed. Thank you for helping us keep TSF a nice place for everyone to visit.--]]

[randyrr]

*** fixed previous issue ***

new question

What i'm trying to get at is this:

there are 3 types of vehicles
v1 = 5 seats
v2 = 4 seats
v3 = 3 seats


If the vehicle selected = v1

then
1. check is seating is available
2. create booking
3. decrease the number of available seats

until availability = 5

4. display error


how to write it in a loop (if, while..do or for ).

[Redcore]

You'd use an array and do a "for" loop to check the amount of available seats, create the booking, and alter the array (to remove a seat).

[randyrr]

Hey,

This is my js form

function FrontPage_Form1_Validator(theForm)
{
if (theForm.student_fname.value == "")
{
alert("Please enter your \"First Name\" .");
theForm.student_fname.focus();
return (false);
}

if (theForm.student_fname.value.length < 3)
{
alert("Please enter at least 3 characters in the \"First Name\" field.");
theForm.student_fname.focus();
return (false);
}

if (theForm.student_fname.value.length > 20)
{
alert("Please enter at most 20 characters in the \"First Name\" field.");
theForm.student_fname.focus();
return (false);
}

if (theForm.student_lname.value == "")
{
alert("Please enter your \"Last Name\" .");
theForm.student_lname.focus();
return (false);
}

if (theForm.student_lname.value.length < 3)
{
alert("Please enter at least 3 characters in the \"Last Name\" field.");
theForm.student_lname.focus();
return (false);
}

if (theForm.student_lname.value.length > 20)
{
alert("Please enter at most 20 characters in the \"Last Name\" field.");
theForm.student_lname.focus();
return (false);
}

if (theForm.student_address_no.value == "")
{
alert("Please enter your contact \"Address\".");
theForm.student_address_no.focus();
return (false);
}

if (theForm.student_phone.value == "")
{
alert("Please enter your contact \"Phone\" number.");
theForm.student_phone.focus();
return (false);
}

if (theForm.student_street_name.value == "")
{
alert("Please enter your contact \"Phone\" number.");
theForm.student_street_name.focus();
return (false);
}

if (theForm.student_phone.value == "")
{
alert("Please enter your contact \"Phone\" number.");
theForm.student_phone.focus();
return (false);
}


if (theForm.student_phone.value.length < 7)
{
alert("Please enter at least 7 characters in the \"Phone\" field.");
theForm.student_phone.focus();
return (false);
}

if (theForm.student_phone.value.length > 10)
{
alert("Please enter at most 10 characters in the \"Phone\" field.");
theForm.student_phone.focus();
return (false);
}

if (theForm.student_email.value == "")
{
alert("Please enter your contact \"Email\" address.");
theForm.student_email.focus();
return (false);
}

if (theForm.student_username.value == "")
{
alert("Please enter your contact \"Email\" address.");
theForm.student_username.focus();
return (false);
}

if (theForm.student_password.value == "")
{
alert("Please enter your contact \"Email\" address.");
theForm.student_password.focus();
return (false);
}


if (theForm.student_password.value !== theForm.student_password2.value)
{
alert("Your password does not match");
theForm.student_password.focus();
return (false);
}

return (true);
}



how can i check validation against apostrophes (')being entered in the database,
as well as proper email validation, using the above script?

thanks randyrr